Generating reverse installation file for network restoration

ABSTRACT

Embodiments relate to systems and methods for generating a reverse installation file for network restoration. A set of managed machines, such as personal computers or servers, can be managed by a network management engine communicating with the machines via a secure channel. The network management engine can scan the managed network for kickstart, or provisioning answer files, that were used to install software to network nodes at a prior time. The network management engine can access the original kickstart file, and update that file to reflect a current state of the associated machine by inserting user-supplied updates, storage configuration updates, security credentials, and/or other data. Upon a crash or other malfunction of the associated machine, the network management platform can access the reverse kickstart file and generate a restoration of that node to a current state from the reverse kickstart data.

FIELD

The present teachings relate to systems and methods for generatingreverse installation file for network restoration, and more particularlyto platforms and techniques for accessing previous kickstartinstallation files used to provision machines in a managed network, andgenerate a reverse kickstart file by updating the original kickstartfile with user-supplied modifications and other configuration changes torebuild the associated systems to a current state.

BACKGROUND OF RELATED ART

Network management platforms exist which permit a systems administratorto connect to a set of targets in a network, and perform maintenance anddiagnostic activities on that group of managed machines. The networkmanagement platform can identify individual targets via a public key orother security credential, and identify the software provisioningrequirements, obtain a hardware inventory, or perform other managementtasks on validated machines. In general, existing network managementplatforms can be hosted on a central server or other facility thatpermits connection to, identification, and management of the set oftargets.

In terms of the maintenance of machines populated on a network as wellas the maintenance of the network on a comprehensive basis, systemsadministrators from time to time may need to take stock of individualmachines and their network relationships. The managed network may needto be interrogated to determine installation configurations and networkinterconnections, for instance, to prepare for the possible restorationof the network or individual machines in the event of a crash,intrusion, disaster, or other unforeseen hazard.

Existing network management platforms suffer from various limitations ofdesign and function, however, in terms of their ability to manage anylow-level or high-level restoration process. For one, in the event ofthe failure of multiple servers, clients, or other nodes or machines,existing platforms are not equipped to identify the softwaredependencies of one machine on another. For instance, where one serversupports a Web page for commercial online customers whose accounts arestored in a second remote database, it may be necessary to restore thedatabase server first, before the Web server, to ensure account data canbe retrieved using that networked software or service. Besides crashrecovery, the ability to identify software-related dependencies wouldalso prove useful for security management purposes, if that capabilitywere available.

For further instance, in the case of the corruption or loss ofindividual machines, the particular configuration of those machines canbe difficult or impossible to restore using existing network managementplatforms. While individual “kickstart” files reflecting initialconfiguration states can be received from targets or other machinesduring installation, those files can be lost or damaged in existingnetwork management platforms, which have no facility for managing suchfiles. Kickstart files can, in general, include any type of installationanswer file, such as, for instance, JumpStart, AutoYast, preseed, orother files or protocols. In further regards, existing networkmanagement platforms or provisioning platforms provide no integratedtool to attempt the restoration of an entire datacenter or network,including all individual nodes and taking software dependency intoaccount. Thus, there is a need in the art for methods and systems thatprovide centralized management of restoration and related operations.

DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute apart of this specification, illustrate embodiments of the presentteachings and together with the description, serve to explain theprinciples of the present teachings. In the figures:

FIG. 1 illustrates an overall network in which systems and methods forgenerating reverse installation file for network restoration can bepracticed, according to various embodiments of the present teachings;

FIG. 2 illustrates an overall network in which systems and methods forgenerating reverse installation file for network restoration can bepracticed to various embodiments of the present teachings, includingdata exchange;

FIG. 3 illustrates an illustrative hardware configuration which cansupport systems and methods for generating reverse installation file fornetwork restoration according to various embodiments of the presentteachings;

FIG. 4 illustrates a flowchart for software dependency processing,according to various embodiments of the present teachings;

FIG. 5 illustrates a flowchart of generation of a reverse kickstartfile, according to various embodiments of the present teachings; and

FIG. 6 illustrates a flowchart of generating a network-scale restorationin controlled physical order, according to various embodiments of thepresent teachings.

DESCRIPTION OF EMBODIMENTS

Embodiments of the present teachings relate to systems and methods forgenerating reverse installation file for network restoration. Moreparticularly, embodiments relate to platforms and techniques forlocating an original kickstart file used during a provisioning orinstallation session, and generating a reverse kickstart file byinserting configuration changes made to the node since installation. Anetwork management platform can insert user-supplied updates, an areafor storage configuration updates, security credentials, and other datato reflect a current state of the machine or node corresponding to thereverse kickstart file. When a crash or other malfunction occurs, thereverse kickstart file can be accessed and used to re-provision orre-install software or other resources on the disabled machine to acurrent state.

Reference will now be made in detail to exemplary embodiments of thepresent teachings, which are illustrated in the accompanying drawings.Where possible the same reference numbers will be used throughout thedrawings to refer to the same or like parts.

FIG. 1 illustrates an overall system 100 in which systems and methodsfor generating reverse installation file for network restoration can beimplemented, according to various embodiments of the present teachings.In embodiments as shown, network management platform 102 can communicatewith managed network 116 via a secure channel 148. Secure channel 148can for instance be or include the secure channel and related resourcesdescribed in co-pending U.S. application Ser. No. 12/130,424, filed May30, 2008, entitled “Systems and Methods for Remote Management ofNetworked Systems Using Secure Modular Platform,” which published asU.S. Patent Application Publication No. 2009/0300180, assigned or underobligation of assignment to the same entity as this application, andwhich application is incorporated by reference herein. Secure channel148 can be or include, for example, a secure socket layer (SSL)connection, a channel established using a public/private keyinfrastructure, and/or other connections, channels, or protocols.Managed network 116 can include, as shown, a set of supervisory hosts112, a set of targets 180, and/or other machines, devices, clients,and/or other hardware, software, storage or other resources.

While secure channel 148 is illustratively shown as one channel tomanaged network 116 or devices therein, it will be understood that inembodiments, secure channel 148 can comprise multiple channels orconnections. In embodiments, secure channel 148 can instead be replacedby a non-secure channel or connection. In general, network managementplatform 102 can communicate with the managed network 116 and itsconstituent machines and resources, which can for instance comprisepersonal computers, servers, network-enable devices, virtual machines,and/or other devices, and manage the security of those machines underthe supervision of network management platform 102. The networkmanagement platform 102 can host a set of engines, logic, and/or otherresources to interrogate managed network 116 and identify softwaredependencies, reverse kickstart files, and/or network-wide restorationdata or policies to manage the tracking, backup, and restoration ofmanaged network 116 and/or its constituent nodes, machines, andresources. Network management platform 102 can, in embodiments as shown,host engines or logic including dependency engine 186, reverse kickstartgenerator 188, and network reconstruction engine 190. Network managementplatform 102 can communicate with network store 104 to establish,maintain and store dependency map 162, set of reverse kickstart files166, and network reconstruction data 168. Other logic and data storescan be used.

The network management platform 102 can also for instance establish aset of security policies for managed machines in its domain, includingfor example an access control list (ACL) and/or other policies, lists,or parameters for the maintenance and management of managed network 116.Security policies and other data can for instance be stored in networkstore 104.

Network management platform 102 can establish secure connection 148 orother connection to managed network 116, and conduct network scanning,backup and restoration operations, according to various embodimentsdescribed herein.

According to embodiments in one regard, network management platform 102can operate to connect to a given one or more of managed network 116 toprobe managed network 116 for software-based dependencies in two or morenodes in the network. As for example more particularly shown in FIG. 2,network management platform 102 can host a dependency engine 186 tointerrogate managed network 116 and identify software-based dependenciesamongst targets, hosts, and/or other nodes in managed network 116.Dependency engine 186 can for instance issue one or more discoverycommand 120 to cause set of targets 180, set of supervisory hosts 112,and/or other nodes in managed network 116 to report applications orother software or services with which those nodes communicate, forinstance to receive input or initiate services. According to variousembodiments, one or more discovery command 120 can probe for, request,and transmit various types of data to dependency engine 186 to generatedependency map 162 based on the responses from nodes in managed network116. One or more discovery command 120 can, for instance, probe forreports on virtual hosts and guests, including what virtual process runson what node or machine. One or more discovery command 120 can likewiseprobe for reports on which nodes or machines have which other machinesin an SSH (Secure Shell protocol) authorized keys file, and/or whichtargets in set of targets 180 may have received authentication tocommunicate with/act as a local supervisory node to other low-leveltargets. One or more discovery command 120 can, for instance, probe forreports on what configuration files indicate that network services, suchas, for instance, sendmail, dns, syslog, or other services, referenceother nodes or machines. One or more discovery command 120 can, for yetfurther instance, probe for reports on what network connections arepresent in a given node or machine, analogous to a “netstat-a-n”command. Other commands, requests, reports, or other probes can be used.

After receiving responses to one or more discovery command 120, networkmanagement platform 102 can build dependency map 162 encoding thesoftware-based dependencies between set of target 180, set ofsupervisory hosts 112, and/or other nodes in managed network 116.Dependency map 162 can, for example, be configured as an ordered list, atree, a graph, a database, a spreadsheet, and/or other data structure orcoding. Dependency map 162 can encode relationships between software,services, and/or nodes of managed network 116, for instance to recordthat “Software Application A running on node 44 requires SoftwareApplication B running on node 32,” or other orderings or relations.According to embodiments in further regards, network management platform102 can thereby access dependency map 162 and reconstruct an ordered setof software installations and/or machine re-initializations to becarried out after an interruption in managed network 116, such as aphysical disaster, security intrusion, or other event. Networkmanagement platform 102 can also operate on dependency map 162 toexamine managed network 116 for security, configuration or issues,and/or carry out cloning operations for any nodes in the network, or thenetwork itself. Because necessary relations between software, servicesand/or nodes can be effectively encoded in dependency map 162, softwarerestoration in a logically necessary order can be generated at anyneeded time, enhancing the security and reliability of managed network116. According to embodiments in further regards, network managementplatform 102 can operate to connect to managed network 116 and extractor build a reverse kickstart file 166, as also for instance illustratedin FIG. 2.

In embodiments as shown, network management platform 102 can issue oneor more discovery commands 120 to locate any original kickstart filesgenerated during an installation or initialization process for any nodeof managed network 116. The kickstart files which one or more discoverycommands 120 seek out can be kickstart files and related data such asthat described in co-pending U.S. patent application Ser. No.11/763,315, U.S. Patent Application Publication No. 2008/0288938 andU.S. patent application Ser. No. 11/763,333, U.S. Patent Publication No.2008/0288939, the disclosures of which are incorporated herein, in theirentirety, by reference. According to various embodiments, networkmanagement platform 102 can locate any kickstart file copied by theinstaller and perform other operations using reverse kickstart generator188, or other logic. If present, in embodiments “/root/anaconda.ks canbe used as a base point to locate any kickstart files. In embodiments,some or all instructions or data of reverse kickstart file 166 can alsobe generated by analyzing the file system, application configurations,RPM database, and other resources in case the original kickstart file isnot located. Network management platform 102 can further access apackage management tool or application programming interfaces (APIs),such as “rpm-va” or yum-based protocols, to determine what files thatwere originally present in installation packages have beenuser-modified. If user-modified files are found, those files can beembedded in reverse kickstart file 166, which in embodiments can bestored to “% post” or other locations. Network management platform 102can further scan managed network, for instance using available storageAPIs, to detect mounted file systems in a subject node and regenerate anew section of reverse kickstart file 166 that represents the storagesection of the installation. This section can, in embodiments, replacethe section in the original kickstart file whose image is beingextracted. In embodiments, network mounted file systems can also bedetected, and for instance stored to “% post” or other locations.

In embodiments, network management platform can likewise embed/includeany authorized keys in the reverse kickstart file 166, as well as anyfiles not controlled by a package management tool. In embodiments,instead of embedding/including said files in reverse kickstart file 166,that data can be stored to a backup system (such as, for example, baculaor rdiff-backup) and be made to include in the reverse kickstart file166 the paths/commands needed to restore them. Once the reversekickstart file 166 is generated, it can then be used stand alone or witha provisioning platform 170 to recreate the systems, in currentconfigurations, from scratch, effectively automatically reverseengineering their configuration from their current state. The systemsadministrator can later adjust reverse kickstart 166 as needed to beginmaintaining and updating captured systems via that mechanism, or usethat resource to clone or restore more systems as needed, for instancefor disaster recovery purposes.

According to embodiments in one regard, network management platform 102can operate to connect to a given one or more of managed network 116 togenerate a reconstruction of managed network 116 in the event of asignificant or large-scale network malfunction, intrusion, or disaster.As for example also more particularly shown in FIG. 2, networkmanagement engine 102 can host network reconstruction engine 190communicating with network reconstruction data 168 to perform an orderedrestoration of a portion or all of managed network. In embodiments asshown, network reconstruction engine 190 can incorporate and/or accessboth reverse kickstart files and software dependency mappings asdescribed herein, to perform a comprehensive or large-sale restorationof managed network 116 in a logically structured physical order. Inembodiments, network management engine 102 via network reconstructionengine 190 can operate to generate a set of reconstruction commands 172by accessing dependency map 162, reverse kickstart file 166, networkreconstruction data 168, and/or other data or resources. In embodiments,the network reconstruction engine 190 can access dependency map 162, andidentify a set of ordered nodes to restore to managed network 116. Foreach node, network reconstruction engine 190 can access a reversekickstart file 166 or other source to re-provision the softwareresources of that node, or otherwise restore that node to managednetwork 116. Some or all of the restoration or re-provisioning of thenodes of managed network 116 can be performed by a provisioning platform170, such as that described in the aforementioned in co-pending U.S.patent application Ser. No. 11/763,315, U.S. Patent ApplicationPublication No. 2008/0288938 and U.S. patent application Ser. No.11/763,333, U.S. Patent Publication No. 2008/0288939, or other platformsor systems. In embodiments, files for restoration can be served from abackup server or system, if file sizes dictate. Once a network-wide orcomplete datacenter restoration has been performed in dependency orother order, network management platform 102 can execute one or morevalidation or debugging tests, using for example a secure connection andrelated resources such as those described in the afore-mentioned U.S.application Ser. No. 12/130,424, filed May 30, 2008, entitled “Systemsand Methods for Remote Management of Networked Systems Using SecureModular Platform,” which published as U.S. Patent ApplicationPublication No. 2009/0300180. Other network management platforms orsystems can be used.

FIG. 3 illustrates an exemplary diagram of hardware and other resourcesthat can be incorporated in a network management platform 102 configuredto communicate with managed network 116 and/or other resources,according to embodiments. In embodiments as shown, the networkmanagement platform 102 can comprise a processor 124 communicating withmemory 126, such as electronic random access memory, operating undercontrol of or in conjunction with operating system 130. Operating system130 can be, for example, a distribution of the Linux™ operating system,the Unix™ operating system, or other open-source or proprietaryoperating system or platform. Processor 124 also communicates with anetwork store 104, such as a database stored on a local hard drive.Processor 124 further communicates with network interface 128, such asan Ethernet or wireless data connection, which in turn communicates withone or more networks 110, such as the Internet or other public orprivate networks. Processor 124 also communicates with dependency engine186, reverse kickstart generator 188, and network reconstruction engine190, to execute control logic and perform management and restorationprocesses described herein. Other configurations of the networkmanagement platform 102, associated network connections, and otherhardware and software resources are possible. While FIG. 3 illustratesnetwork management platform 102 as a standalone system comprises acombination of hardware and software, network management platform 102can also be implemented as a software application or program capable ofbeing executed by a conventional computer platform. Likewise, networkmanagement platform 102 can also be implemented as a software module orprogram module capable of being incorporated in other softwareapplications and programs. In either case, network management platform102 can be implemented in any type of conventional proprietary oropen-source computer language.

FIG. 4 illustrates a flowchart of processing to manage softwaredependency and network restoration, according to various embodiments. In402, processing can begin. In 404, a secure connection 148 or otherconnection(s) can be established from network management platform 102 tomanaged network 116. In 406, one or more discovery command 120 can beissued from network management platform 102 to hosts, targets, and/orother nodes in managed network 116 to obtain a report of software and/orservices upon which each node depends or requires. In 408, networkmanagement platform 102 can generate a dependency map 162 indicating thedependency order of relationship between each node and/or its softwarecomplement and other nodes and their software complement in managednetwork 116. Dependency map 162 can be generated, for example, in theform of an ordered list of nodes and/or applications or other software,a tree, a linked list, a graph, a spreadsheet, a database, and/or otherdata structure. In 410, network management platform 102 can initiate asoftware reconstruction, re-installation, recovery, or otherprovisioning or installation process on managed network 116. In 412,network management platform 102 can extract a map, graph, spreadsheet,or other representation or encoding of dependency relationships betweennodes in managed network 116 and/or the software, services and/or otherresources or processes installed, hosted, or accessed on nodes ofmanaged network 116. In 414, network management platform 102 and/orother logic can identify an ordering or other relationship of the nodesof managed network 116 to be rebuilt or re-installed using dependencymap 162 and/or other data. In 416, a re-provisioning or other softwarere-installation process can be executed on managed network 116, forinstance, to provision or install operating systems, applications, data,services, and/or other software to nodes of managed network 118. In 418,a record of the re-installation activity can be generated and/or stored,as appropriate. In 420, as understood by persons skilled in the art,processing can repeat, return to a prior processing point, jump to afurther processing point, or end.

FIG. 5 illustrates a flowchart of processing to manage the generation ofa reverse kickstart or other reverse installation file, according tovarious embodiments. In 502, processing can begin. In 504, networkmanagement platform 102 can search managed network 116 to locate anykickstart or other installation file left over or copied by aninstallation process on nodes of managed network 116. In 506, a reversekickstart file 166 can be created/initialized. In 508, networkmanagement platform 102 can use a package management tool and/or othertool or resource to inspect/identify any user-modified files located onthe target machine or other node for which a reverse kickstart file 166or other reverse installation file is being generated.

In 510, network management platform 102 can located a mounted filesystem(s) and regenerate a new section of the kickstart filerepresenting a storage section of the installation. In 512, the storagepart of the original installation file can be replaced, and/or added orinserted in reverse kickstart file 166. In 514, network managementplatform 102 can generate a record of mounted file systems on the nodeassociated with reverse kickstart file 166. In 516, any authorized keysor other security credentials from the subject node can be embedded inreverse kickstart file 166, and/or the security data can be stored to abackup system in which the security data along with paths, commands,and/or keys needed to restore the node can be inserted. In 518, anyfiles not detected or controlled by the package management tool used bynetwork management platform 102 can be embedded reverse kickstart file166, or those files can be stored to a backup system in which thosefiles along with paths, commands, and/or keys needed to restore the nodecan be inserted. In 520, the network management platform 102 can accessreverse kickstart file 166 and initiate a machine restoration processfor one or more nodes in managed network 116, as appropriate. In 522, asunderstood by persons skilled in the art, processing can repeat, returnto a prior processing point, jump to a further processing point, or end.

FIG. 6 illustrates a flowchart of processing to perform network-scalerestoration, according to various embodiments. In 602, processing canbegin. In 604, a recovery process for a managed network 116 and itscomponents, and/or other datacenter entity can be initiated. In 606, afirst node or nodes required for network recovery can be identifiedbased on dependency map 166, for instance, by identifying thelowest/highest node in managed network 116 required by other nodes. In608, a reverse kickstart file 166 and/or other backup files or dataassociated with the first required node(s) can be extracted from networkstore 104 or other location. In 610, network management platform 102 canbuild installation file(s) for the first required node(s) can be builtfrom reverse kickstart file 166 and/or other data.

In 612, the re-provisioning or re-installation of the first requirednode(s) can be initiated using a provisioning platform 170 and/or othertools or resources. In embodiments, provisioning platform 170 andrelated processes can be or include those described in theaforementioned copending U.S. patent application Ser. No. 11/763,315,U.S. Patent Application Publication No. 2008/0288938 and U.S. patentapplication Ser. No. 11/763,333, U.S. Patent Publication No.2008/0288939. In 614, the identification of a next required node(s)based on dependency map 162 can be begun/repeated, and the extraction ofassociated reverse kickstart file 166 can be begun/repeated, until thelast node of managed network 116 is processed/re-installed. In 616, there-installation of all nodes recovered in managed network 116 can beverified via network management platform 102 after all nodes have beenprocessed. In 618, network management platform 102 can generate a recordof re-installation or recovery activity, as appropriate. In 620, asunderstood by persons skilled in the art, processing can repeat, returnto a prior processing point, jump to a further processing point, or end.

The foregoing description is illustrative, and variations inconfiguration and implementation may occur to persons skilled in theart. For example, while embodiments have been described in which asingle network management platform 102 manages and maintains managednetwork 116, in embodiments, multiple engines, servers, or otherentities can cooperate to perform network management functions. Forfurther example, while embodiments have been described in which theanalysis and creation of a reverse kickstart file 166 is executed via anetwork management server 102, in embodiments, those activities can beperformed by a local machine or other resource. For yet further example,while embodiments have been described in which restoration, dependency,and/or other operations can be performed on a single host or target, inembodiments, multiple diagnostic targets or an entire group of managedmachines can be operated on at one time or together. Other resourcesdescribed as singular or integrated in some embodiments can inembodiments be plural or distributed, and resources described asembodiments as multiple or distributed can in embodiments be combined.The scope of the present teachings is accordingly intended to be limitedonly by the following claims.

What is claimed is:
 1. A method comprising: accessing an originalinstallation automation file used to generate a provisioninginstallation on a target; accessing, by a processing device, a packagemanagement tool to identify one or more files installed on the targetusing the original installation automation file that have been modified;embedding a copy of each of the one or more files that have beenmodified in a reverse installation automation file, the reverseinstallation automation file to re-install software resources on thetarget in the event of a malfunction; inserting at least one of a path,a command, or a key associated with a file not controlled by the packagemanagement tool into the reverse installation automation file, whereinthe file not controlled by the package management tool is stored in abackup storage system; associating a set of security credentialscomprising an authorized key for the target with the reverseinstallation automation file by embedding the set of securitycredentials in the reverse installation automation file, the authorizedkey corresponding to another machine which is authorized to access thetarget; and storing the reverse installation automation file on amachine that is not the target.
 2. The method of claim 1, furthercomprising associating the set of security credentials by storing theset of security credentials to a backup system along with a set ofcommands to extract the set of security credentials from the backupsystem.
 3. The method of claim 1, further comprising generating astorage section by generating a storage section representing a networkmounted file system.
 4. The method of claim 1, further comprisinginitiating a recovery process to re-install software on the at least onetarget using the reverse installation automation file.
 5. The method ofclaim 1, further comprising: associating additional files not managed bya package management tool with the reverse installation automation file.6. A system, comprising: a memory; and a processing device operativelycoupled to the memory, the processing device to: access a packagemanagement tool to identify one or more files installed on a targetdevice in a managed network using the original installation automationfile that have been modified; embed a copy of each of the one or morefiles that have been modified in a reverse installation automation file,the reverse installation automation file to re-install softwareresources on the target in the event of a malfunction; insert at leastone of a path, a command, or a key associated with a file not controlledby the package management tool into the reverse installation automationfile, wherein the file not controlled by the package management tool isstored in a backup storage system; embed a set of security credentialscomprising an authorized key for the target in the reverse installationautomation file to associate the set of security credentials with thereverse installation automation file, the authorized key correspondingto another machine which is authorized to access the target; and storethe reverse installation automation file on a machine that is not thetarget.
 7. The system of claim 6, wherein the processing device isfurther to associate the set of security credentials by storing the setof security credentials to a backup system along with a set of commandsto extract the set of security credentials from the backup system. 8.The system of claim 6, wherein the processing device is further togenerate a storage section by generating a storage section representinga network mounted file system.
 9. The system of claim 6, wherein theprocessing device is further to initiate a recovery process tore-install software on the at least one target using the reverseinstallation automation file.
 10. The network management platform ofclaim 6, wherein the installation automation file comprises a kickstartfile and the reverse installation automation file comprises a reversekickstart file.
 11. The system of claim 6, wherein the processing deviceis further to associate additional files not managed by a packagemanagement tool with the reverse installation automation file.
 12. Anon-transitory machine-readable medium storing instructions, that, whenexecuted by a processing device, cause the processing device to: access,by the processing device, a package management tool to identify one ormore files installed on the target using an original installationautomation file that have been modified; embed a copy of each of the oneor more files that have been modified in a reverse installationautomation file, the reverse installation automation file to re-installsoftware resources on the target in the event of a malfunction; insertat least one of a path, a command, or a key associated with a file notcontrolled by the package management tool into the reverse installationautomation file, wherein the file not controlled by the packagemanagement tool is stored in a backup storage system; embed a set ofsecurity credentials comprising an authorized key for the target in thereverse installation automation file to associate the set of securitycredentials with the reverse installation automation file, theauthorized key corresponding to another machine which is authorized toaccess the target; and store the reverse installation automation file ona machine that is not the target.
 13. The non-transitorymachine-readable medium of claim 12, wherein the instructions furthercause the processing device to associate the set of security credentialsby storing the set of security credentials to a backup system along witha set of commands to extract the set of security credentials from thebackup system.
 14. The non-transitory machine-readable medium of claim12, wherein the instructions further cause the processing device togenerate a storage section by generating a storage section representinga network mounted file system.
 15. The method of claim 1, wherein theinstallation automation file comprises a kickstart file and the reverseinstallation automation file comprises a reverse kickstart file.
 16. Thenon-transitory machine-readable medium of claim 12, wherein theinstallation automation file comprises a kickstart file and the reverseinstallation automation file comprises a reverse kickstart file.
 17. Thenon-transitory machine-readable medium of claim 12, wherein theinstructions further cause the processing device to associate additionalfiles not managed by a package management tool with the reverseinstallation automation file.